com.liferay.knowledge.base.service is vulnerable to cross-site scripting (XSS). The vulnerability exists because it does not properly sanitize the user-provided parameters such as userId
, allowing a remote attacker to inject arbitrary Javascript into the victimβs browser.